mackrauss
commented
9 years ago Turns out that HttpsURLConnection requires the WWW-Authentication header being present when a 401 error is returned.
see http://stackoverflow.com/questions/17121213/java-io-ioexception-no-authentication-challenges-found http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses http://www.sitepoint.com/understanding-http-digest-access-authentication/
Our server is hosting multiple https domains under the same IP address. This was not possible in the past, but is fixed with Server Name Indication (SNI) http://en.wikipedia.org/wiki/Server_Name_Indication
However, both server and client need to support SNI and the Apache HTTP stack in Android does not. http://stackoverflow.com/questions/5879894/android-ssl-sni-support
The goal is to switch to
HttpsURLConnectioninstead